Thursday, July 23, 2015

Security – Hacking a Car is round the corner

I guess you have read or heard the news about the Hackers that took remote control of a car on the highway. Two researchers exploited a zero-day vulnerability in a Jeep Cherokee’s Uconnect infotainment system to gain wireless control of the car.

Click HERE for the report.

You may be happy to drive a car manufactured “before Internet” hit the road. Now, you can see that the Internet can seriously “hit the road” !

Fortunately there are people that have expected this to happen. Some of them in the USA have already become active: The world’s first automotive cyber-security law may force automakers to deliver software updates and stop vehicle tracking as part of new IT security standards regarding connected cars in the US.

Click HERE to read more background information on the new US Senate Bill.

Click HERE for the Senate Bill.

The number of cars is much bigger than the number of substations – in the USA and in Europe … and all over. It is very likely (from my point of view) that the automobile industry will develop very soon international standards for the Security and Privacy in Cars. I expect that such a development will impact also the discussion on security for power delivery systems. The damage that could be caused by hacking a electrical delivery system could be much higher than turn-on the air-condition in a car.

I have experienced more than 30 years ago that the automakers are strong in introducing standards: The GM led the project MAP (Manufacturing Automation Protocols). Unfortunately manufacturers of automation equipment decided not to follow GM’s vision.

With regard to security, I hope that the automakers will help to bring more security to any kind of smart devices: in cars, in homes, in factories, in substations and …

In case of somebody taking over a car, it may be very dangerous to securely bring a (or even many) cars to a hold. But bringing a part of a power system to a hold means: BLACKOUT!! The “SECURE” state: “STOPPED” means: no power!

In case of a stopped car, you may take the next bus or just walk. A stopped power delivery system must be brought back to operation using again thousands of smart devices. Have you ever asked yourself how many smart network-connected computers are involved in power delivery systems? The number goes into the many millions …

Discuss security issues with your colleagues and your management. And maybe contract with experts …

1 comment:

Behzad said...

I think the problem exists, because the design is flawed! Why the don't separate engine network ( if it exists ) from other components? Why should the connected to each other?